Mnemonic Generation Support

[dternyak]

Alongside raw private key and UTC wallet generation, it would be valuable for MEW to provide a mnemonic based wallet (potentially in the same format as MetaMask).

Misc Notes

• Metamask implementation
• BIP 32 - core
• BIP 39 - wordlist
• BIP 44 - paths

To create a binary seed from the mnemonic, we use the PBKDF2 function with a mnemonic sentence (in UTF-8 NFKD) used as the password and the string "mnemonic" + passphrase (again in UTF-8 NFKD) used as the salt. The iteration count is set to 2048 and HMAC-SHA512 is used as the pseudo-random function. The length of the derived key is 512 bits (= 64 bytes).

So any passphrase you choose, gets concatenated with "mnemonic" and is used as a salt. ie. if your passphrase was "Th1sI5mYp@ssphr@se"... it would be "mnemonicTh1sI5mYp@ssphr@se" being used as the salt and an iteration count of 2048.

Also, as mentioned in the BIP, ANY passphrase provided will generate a valid seed... so an attacker would then need to check addresses for every generated/tested passphrase for coins further slowing down any attack.

-- BIP 39?

[dternyak]

This issue is in regards to mnemonic generation, and not mnemonic decrypt. Re-opening.

[dternyak]

(Just announced) Etherjs is a strong candidate. Docs available here

[dternyak]

MetaMascara should provide this functionality while also allowing us to avoid managing key access within MEW directly.

Consider further investigation

[dternyak]

https://github.com/bitcoinjs/bip39#examples is what we will likely end up going with. We don't need an additional dependency, and bip39.generateMnemonic() is pretty much as easy as it gets.

[wbobeirne]

Put together some designs for selecting between either generate type, and what mnemonic generation will look like. Copy is definitely just a suggestion, so someone will want to look that over so we can finalize it.

Initial Choice Screen

As per #557, the copy above the options suggests using something else. Perhaps we want to put this inside of an alert element, or otherwise draw attention to it.

Generate Mnemonic

While unnecessary, having them enter a passphrase here is just so that we can confirm it later, and to make sure they're not surprised the first time they unlock / waiting to enter it later in the process.

Was there a plan to make a printable mnemonic wallet, like keystore?

Confirm Mnemonic

Most products have this step. Let me know if it's overkill.

Final Screen (Mnemonic)

Screenshots are out of date, but you get the idea. This may be overkill, but I think it leaves little to be interpreted incorrectly.

Final Screen (Keystore File)

The keystore flow would otherwise be unchanged, but it should have a similar end screen to mnemonic.

[tayvano]

• I don't think the last step is overkill, I like it

• I would remove the sidebar. I feel like it is too cluttered and distracting and prefer to keep the focus on the centerpieces you have created.

  • We can re-address what to do with this info in a different fashion separately. Ideally, this information would be moved to the last step of the on-boarding popovers (or something). Users could then go to proper place directly from the last on-boarding slide, rather than from the generate page. (Sharon has some good ideas on this. This should probably be new issue and workshopped.)

• I unsure about emphasizing that the mnemonic can be secured with a password on the first page. It's confusing as 1) most don't use a password and 2) the pw has plausible deniability so there is no "wrong" password (which makes it even more confusing) 3) it would make it incompatible with Metamask (I think).

• I would love to make a paper wallet version. 💖

  • Word-phrase (labeled "private" in some fashion)
  • BIP path (m/44'/60'/0'/0) (for recovering in super-long term if necessary)
  • First address on that path (for cold storagers)
  • The version number of the site (a big regret from current version of site)

• In terms of language, we used mnemonic as that is what Jaxx used when we added mnemonic support. I'm not a fan of that word, but would like to hear from others on this.

  • MetaMask uses seed phrase.
  • I personally call it word-phrase or 12-word phrase or 24-word phrase when asking about it on reddit or in support.
  • Ledger calls it your seed or passphrase or 24 word seed.
  • Trezor: Recovery seed is a mnemonic code made of 12, 18 or 24 words depending on your choice. This seed is generated the first time you run TREZOR

• Generally speaking, I wish we could include the word Private with them. e.g. "Private Keystore File" and "Private Seed Phrase". This would emphasize these are private, and connect it back to the public / private key concept that people eventually learn about anyways. However, making up new names should not be taken lightly, so I'm unsure about how I feel about this. Would love other's thoughts.

• The last step should probably start with "Click your MEW bookmark" or "Check the URL", just to re-iterate one more time to not be phucking phished. That makes it four steps, 4x1, which should be okay if we remove the sidebar. Can drop to 2x2 on tablets and 1x4 on mobile.

Copy recommends (if you don't love it, don't change it.)

• Managing your own keys can be risky and a single mistake can lead to irrecoverable loss. If you are new to cryptocurrencies, we strongly recommend using MetaMask, or purchasing a Ledger or TREZOR hardware wallet. Learn more about different wallet types & staying secure..

Keystore

• An encrypted JSON file, protected by a password
• Back it up on a USB drive
• Cannot be written, printed, or easily transferred to mobile
• Compatible with Mist, Parity, Geth
• Provides a single address for sending and receiving

Mnemonic

• A 12-word private seed phrase
• Back it up on paper or USB drive
• Can be written, printed, and easily typed on mobile, too
• Compatible with MetaMask, Jaxx, imToken, and more
• Provides unlimited addresses for sending and receiving

No strong feelings on the remainder of the copy. Great job!

[tayvano]

ps: I really really really really love how you have done the generate part to make it nearly impossible for them to copy and paste! 💖 💖 💖 💖 💖 💖 💖 💖 💖 💖

[wbobeirne]

Here's an adjustment to the final page. It lacks a certain subtlety, but hopefully it gets the right idea across.

[jidanni]

https://myetherwallet.github.io/knowledge-base/private-keys-passwords/difference-beween-private-key-and-keystore-file.html says

MyEtherWallet does not currently derive mnemonic phrases, but may in the future.

Maybe that should be updated.

[wbobeirne]

The knowledge base is going to need a lot of updating once v4 launches. There have been quite a few changes.